Example 1 with Signature
use of java.security.Signature in project camel by apache.
the class SigningProcessor method process.
public void process(Exchange exchange) throws Exception {
Signature service = initSignatureService(exchange);
calculateSignature(exchange, service);
byte[] signature = service.sign();
Message in = exchange.getIn();
clearMessageHeaders(in);
Message out = exchange.getOut();
out.copyFrom(in);
out.setHeader(config.getSignatureHeaderName(), new Base64().encode(signature));
}Example 2 with Signature
use of java.security.Signature in project camel by apache.
the class SigningProcessor method initSignatureService.
protected Signature initSignatureService(Exchange exchange) throws Exception {
PrivateKey pk = getPrivateKeyFromKeystoreOrExchange(exchange);
SecureRandom random = config.getSecureRandom();
Signature service = createSignatureService();
if (random != null) {
service.initSign(pk, random);
} else {
service.initSign(pk);
}
return service;
}
Also used :
PrivateKey(java.security.PrivateKey)
Signature(java.security.Signature)
SecureRandom(java.security.SecureRandom)
Example 3 with Signature
use of java.security.Signature in project camel by apache.
the class RSAKeyPairIdentity method getSignature.
@Override
public byte[] getSignature(byte[] data) {
PrivateKey prvKey = keyPair.getPrivate();
Signature sig;
try {
sig = Signature.getInstance("SHA1withRSA");
sig.initSign(prvKey);
sig.update(data);
byte[] sshRsa = ALGORITHM_TYPE.getBytes();
byte[] signature = sig.sign();
byte[] result = new byte[sshRsa.length + 4 + signature.length + 4];
int index = 0;
byte[] intAsByteArray = ByteBuffer.allocate(4).putInt(sshRsa.length).array();
System.arraycopy(intAsByteArray, 0, result, index, 4);
index += 4;
System.arraycopy(sshRsa, 0, result, index, sshRsa.length);
index += sshRsa.length;
intAsByteArray = ByteBuffer.allocate(4).putInt(signature.length).array();
System.arraycopy(intAsByteArray, 0, result, index, 4);
index += 4;
System.arraycopy(signature, 0, result, index, signature.length);
return result;
} catch (NoSuchAlgorithmException e) {
log.error("Cannot sign", e);
} catch (InvalidKeyException e) {
log.error("Cannot sign", e);
} catch (SignatureException e) {
log.error("Cannot sign", e);
}
return null;
}
Also used :
PrivateKey(java.security.PrivateKey)
Signature(java.security.Signature)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
Example 4 with Signature
use of java.security.Signature in project android_frameworks_base by ParanoidAndroid.
the class RecoverySystem method verifyPackage.
/**
* Verify the cryptographic signature of a system update package
* before installing it. Note that the package is also verified
* separately by the installer once the device is rebooted into
* the recovery system. This function will return only if the
* package was successfully verified; otherwise it will throw an
* exception.
*
* Verification of a package can take significant time, so this
* function should not be called from a UI thread. Interrupting
* the thread while this function is in progress will result in a
* SecurityException being thrown (and the thread's interrupt flag
* will be cleared).
*
* @param packageFile the package to be verified
* @param listener an object to receive periodic progress
* updates as verification proceeds. May be null.
* @param deviceCertsZipFile the zip file of certificates whose
* public keys we will accept. Verification succeeds if the
* package is signed by the private key corresponding to any
* public key in this file. May be null to use the system default
* file (currently "/system/etc/security/otacerts.zip").
*
* @throws IOException if there were any errors reading the
* package or certs files.
* @throws GeneralSecurityException if verification failed
*/
public static void verifyPackage(File packageFile, ProgressListener listener, File deviceCertsZipFile) throws IOException, GeneralSecurityException {
long fileLen = packageFile.length();
RandomAccessFile raf = new RandomAccessFile(packageFile, "r");
try {
int lastPercent = 0;
long lastPublishTime = System.currentTimeMillis();
if (listener != null) {
listener.onProgress(lastPercent);
}
raf.seek(fileLen - 6);
byte[] footer = new byte[6];
raf.readFully(footer);
if (footer[2] != (byte) 0xff || footer[3] != (byte) 0xff) {
throw new SignatureException("no signature in file (no footer)");
}
int commentSize = (footer[4] & 0xff) | ((footer[5] & 0xff) << 8);
int signatureStart = (footer[0] & 0xff) | ((footer[1] & 0xff) << 8);
byte[] eocd = new byte[commentSize + 22];
raf.seek(fileLen - (commentSize + 22));
raf.readFully(eocd);
// end-of-central-directory record.
if (eocd[0] != (byte) 0x50 || eocd[1] != (byte) 0x4b || eocd[2] != (byte) 0x05 || eocd[3] != (byte) 0x06) {
throw new SignatureException("no signature in file (bad footer)");
}
for (int i = 4; i < eocd.length - 3; ++i) {
if (eocd[i] == (byte) 0x50 && eocd[i + 1] == (byte) 0x4b && eocd[i + 2] == (byte) 0x05 && eocd[i + 3] == (byte) 0x06) {
throw new SignatureException("EOCD marker found after start of EOCD");
}
}
// The following code is largely copied from
// JarUtils.verifySignature(). We could just *call* that
// method here if that function didn't read the entire
// input (ie, the whole OTA package) into memory just to
// compute its message digest.
BerInputStream bis = new BerInputStream(new ByteArrayInputStream(eocd, commentSize + 22 - signatureStart, signatureStart));
ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
SignedData signedData = info.getSignedData();
if (signedData == null) {
throw new IOException("signedData is null");
}
Collection encCerts = signedData.getCertificates();
if (encCerts.isEmpty()) {
throw new IOException("encCerts is empty");
}
// Take the first certificate from the signature (packages
// should contain only one).
Iterator it = encCerts.iterator();
X509Certificate cert = null;
if (it.hasNext()) {
cert = new X509CertImpl((org.apache.harmony.security.x509.Certificate) it.next());
} else {
throw new SignatureException("signature contains no certificates");
}
List sigInfos = signedData.getSignerInfos();
SignerInfo sigInfo;
if (!sigInfos.isEmpty()) {
sigInfo = (SignerInfo) sigInfos.get(0);
} else {
throw new IOException("no signer infos!");
}
// Check that the public key of the certificate contained
// in the package equals one of our trusted public keys.
HashSet<Certificate> trusted = getTrustedCerts(deviceCertsZipFile == null ? DEFAULT_KEYSTORE : deviceCertsZipFile);
PublicKey signatureKey = cert.getPublicKey();
boolean verified = false;
for (Certificate c : trusted) {
if (c.getPublicKey().equals(signatureKey)) {
verified = true;
break;
}
}
if (!verified) {
throw new SignatureException("signature doesn't match any trusted key");
}
// The signature cert matches a trusted key. Now verify that
// the digest in the cert matches the actual file data.
// The verifier in recovery *only* handles SHA1withRSA
// signatures. SignApk.java always uses SHA1withRSA, no
// matter what the cert says to use. Ignore
// cert.getSigAlgName(), and instead use whatever
// algorithm is used by the signature (which should be
// SHA1withRSA).
String da = sigInfo.getDigestAlgorithm();
String dea = sigInfo.getDigestEncryptionAlgorithm();
String alg = null;
if (da == null || dea == null) {
// fall back to the cert algorithm if the sig one
// doesn't look right.
alg = cert.getSigAlgName();
} else {
alg = da + "with" + dea;
}
Signature sig = Signature.getInstance(alg);
sig.initVerify(cert);
// The signature covers all of the OTA package except the
// archive comment and its 2-byte length.
long toRead = fileLen - commentSize - 2;
long soFar = 0;
raf.seek(0);
byte[] buffer = new byte[4096];
boolean interrupted = false;
while (soFar < toRead) {
interrupted = Thread.interrupted();
if (interrupted)
break;
int size = buffer.length;
if (soFar + size > toRead) {
size = (int) (toRead - soFar);
}
int read = raf.read(buffer, 0, size);
sig.update(buffer, 0, read);
soFar += read;
if (listener != null) {
long now = System.currentTimeMillis();
int p = (int) (soFar * 100 / toRead);
if (p > lastPercent && now - lastPublishTime > PUBLISH_PROGRESS_INTERVAL_MS) {
lastPercent = p;
lastPublishTime = now;
listener.onProgress(lastPercent);
}
}
}
if (listener != null) {
listener.onProgress(100);
}
if (interrupted) {
throw new SignatureException("verification was interrupted");
}
if (!sig.verify(sigInfo.getEncryptedDigest())) {
throw new SignatureException("signature digest verification failed");
}
} finally {
raf.close();
}
}
Also used :
SignedData(org.apache.harmony.security.pkcs7.SignedData)
PublicKey(java.security.PublicKey)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
SignerInfo(org.apache.harmony.security.pkcs7.SignerInfo)
RandomAccessFile(java.io.RandomAccessFile)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo)
X509CertImpl(org.apache.harmony.security.provider.cert.X509CertImpl)
Signature(java.security.Signature)
Iterator(java.util.Iterator)
Collection(java.util.Collection)
List(java.util.List)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 5 with Signature
use of java.security.Signature in project SeriesGuide by UweTrottmann.
the class Security method verify.
/**
* Verifies that the signature from the server matches the computed
* signature on the data. Returns true if the data is correctly signed.
*
* @param publicKey public key associated with the developer account
* @param signedData signed data from server
* @param signature server signature
* @return true if the data and signature match
*/
public static boolean verify(PublicKey publicKey, String signedData, String signature) {
Signature sig;
try {
sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(publicKey);
sig.update(signedData.getBytes());
if (!sig.verify(Base64.decode(signature))) {
Timber.e("Signature verification failed.");
return false;
}
return true;
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | Base64DecoderException e) {
Timber.e(e, "Signature verification aborted.");
}
return false;
}
Also used :
Signature(java.security.Signature)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
Aggregations
Signature (java.security.Signature)242
SignatureException (java.security.SignatureException)84
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)69
InvalidKeyException (java.security.InvalidKeyException)61
PublicKey (java.security.PublicKey)59
KeyFactory (java.security.KeyFactory)41
PrivateKey (java.security.PrivateKey)38
IOException (java.io.IOException)36
X509Certificate (java.security.cert.X509Certificate)24
RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)23
KeyPair (java.security.KeyPair)19
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)18
KeyPairGenerator (java.security.KeyPairGenerator)16
MySignature1 (org.apache.harmony.security.tests.support.MySignature1)16
GeneralSecurityException (java.security.GeneralSecurityException)15
ByteArrayInputStream (java.io.ByteArrayInputStream)14
BigInteger (java.math.BigInteger)14
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)14
CertificateException (java.security.cert.CertificateException)14
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)14
